Aaron Parecki

61°F

Donut.js 🍩 6pm Tue Apr 24 at Alchemy Code Lab http://donutjs.club

Hello everybody, Donut.js is tonight! Tickets are still available! Join us at 6pm at @AlchemyCodeLab for superb talks from @ryrykubes and @sandyaaaas and @elnoelle. Come support http://portlandmeetportland.org! Come and eat donuts and chat and party! https://donutjs.club

Portland, Oregon • 78°F

Tue, Apr 24, 2018 2:43pm -07:00 (liked on Tue, Apr 24, 2018 3:05pm -07:00)
Adam Lewis https://twitter.com/lewiada • Apr 24
and what about for storing the access token in the browser?

Sadly there isn't a satisfying answer to that. Anything that your JS can use to store any token is vulnerable to XSS. The only secure option is cookies, but that won't work with OAuth. https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

Portland, Oregon • 75°F

1 like 3 replies

Tue, Apr 24, 2018 12:07pm -07:00
@buffer Does this Facebook API announcement mean publishing to Facebook from Buffer will stop working? https://developers.facebook.com/blog/post/2018/04/24/new-facebook-platform-product-changes-policy-updates/

Portland, Oregon • 73°F

1 like 2 replies

Tue, Apr 24, 2018 11:41am -07:00
Aaron Parecki https://aaronparecki.com/ • Apr 24
BCP for public UA clients:

• use the authorization code flow
• omit client secret
• strict redirect URI validation

Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps

I agree it would be nice to see this written up properly though. In the mean time, I'm adding a section to my book about this.

Portland, Oregon • 72°F

2 likes 1 repost

Tue, Apr 24, 2018 11:05am -07:00
Adam Lewis https://twitter.com/lewiada • Apr 24
We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.

BCP for public UA clients:

• use the authorization code flow
• omit client secret
• strict redirect URI validation

Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps

Portland, Oregon • 71°F

3 likes 1 repost 6 replies

Tue, Apr 24, 2018 10:57am -07:00 #oauth2
Adam Lewis https://twitter.com/lewiada

We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.

Portland, Oregon • 71°F

Tue, Apr 24, 2018 1:48pm -04:00 (liked on Tue, Apr 24, 2018 10:52am -07:00)
Donut.js 🍩 6pm Tue Apr 24 at Alchemy Code Lab http://donutjs.club

To address some audiovisual technical difficulties, we’ve been working with @aaronpk and @AlchemyCodeLab to overhaul our presentation and recording setup. Just got back from a second round of testing everything out, and it’s looking and sounding great!! 🎙🍩‿🍩📹

Portland, Oregon • 72°F

Mon, Apr 23, 2018 2:57pm -07:00 (liked on Mon, Apr 23, 2018 3:00pm -07:00)
at Broadway Books

Portland, Oregon • Mon, April 23, 2018 2:14pm

45.53489 -122.648047

Got the second to last copy of John Oliver's Marlon Bundo book!

Portland, OR, United States • 72°F

30 Coins

Mon, Apr 23, 2018 2:14pm -07:00
OktaDev http://developer.okta.com

Friends don't let friends write auth.

"The greatest teacher failure is." — Yoda

Portland, Oregon • 58°F

Mon, Apr 23, 2018 9:55am -07:00 (liked on Mon, Apr 23, 2018 10:07am -07:00)
Kristof De Jaeger https://realize.be

Managed to complete the dance of creating an event and rsvp'ing through #Indigenous, then displaying attendees on the #Drupal side. #indieweb

Portland, Oregon • 40°F

Sun, Apr 22, 2018 11:31am +02:00 (liked on Sun, Apr 22, 2018 6:57am -07:00) #Indigenous #Drupal #indieweb
Barney Dellar https://twitter.com/branaby

Wow. I guess it’s time we all stopped using @eventbrite. They claim the right to attend your event, film it, and own the copyright. https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-merchant-agreement?lg=en_US#8

Portland, Oregon • 63°F

Fri, Apr 20, 2018 5:48am +00:00 (liked on Sat, Apr 21, 2018 5:49pm -07:00)
at Prince Coffee

Portland, Oregon • Sat, April 21, 2018 4:19pm

45.548306 -122.61671

Portland, OR, United States • 62°F

27 Coins

Sat, Apr 21, 2018 4:19pm -07:00
Brian Fitzpatrick http://www.red-bean.com/fitz/

Pro tip: If you're a slimebag who uses black hat SEO to get prime ranking on Google, don't get wasted and blab about how you use black hat SEO *and* show the queries *and* your website to some random person at a bar who used to work at Google and knows half the webspam team. :-)

Portland, Oregon • 57°F

Fri, Apr 20, 2018 11:31am -05:00 (liked on Sat, Apr 21, 2018 10:36am -07:00)
at Gate 75

San Francisco, California • Fri, April 20, 2018 6:46pm

37.61775 -122.387986

San Francisco, CA, United States • 64°F

1 reply 15 Coins

Fri, Apr 20, 2018 6:46pm -07:00
at Pie Five Pizza Co.

San Francisco, California • Fri, April 20, 2018 6:39pm

37.620282 -122.388071

San Francisco, CA, United States • 64°F

17 Coins

Fri, Apr 20, 2018 6:39pm -07:00
at TSA Pre Check Terminal 3

San Francisco, California • Fri, April 20, 2018 6:27pm

37.618002 -122.38645

San Francisco, CA, United States • 65°F

18 Coins

Fri, Apr 20, 2018 6:27pm -07:00
at Terminal 3

San Francisco, California • Fri, April 20, 2018 6:22pm

37.618032 -122.386497

San Francisco, CA, United States

7 Coins

Fri, Apr 20, 2018 6:22pm -07:00
at San Francisco International Airport (SFO)

San Francisco, California • Fri, April 20, 2018 6:19pm

37.617184 -122.385756

Goodbye for now, SF!

San Francisco, CA, United States

10 Coins

Fri, Apr 20, 2018 6:19pm -07:00
Stacey DePolo 🌻 http://staceydepolo.com

People have the power to take our attention back from social networks. Alternatives to #deleteFacebook are emerging... @aaronpk built his own #IndieWeb reader so he, not some algorithm, decides what content to read. http://bit.ly/2HPeqyA

San Francisco, California • 59°F

1 mention

Fri, Apr 20, 2018 12:53pm -07:00 (liked on Fri, Apr 20, 2018 5:21pm -07:00) #deleteFacebook #IndieWeb
An IndieWeb reader: My new home on the internet (www.godaddy.com)

Fri, Apr 20, 2018 4:55pm -07:00 #indieweb #monocle

older